USB Attacks with Mobile Devices Using Kali NetHunter

The Offensive Security folks are at it again. The builders of the popular pentesting distribution Kali Linux have launched a new tool called Kali NetHunter for Android devices. The tool is a mobile distribution designed to compromise systems via USB when installed and run on an Android phone.

The tool can masquerade as a keyboard via HID style attacks, issue commands to open an admin shell amongst other attacks, including BadUSB man-in-the-middle style attacks. Images of the tool are available for Nexus devices currently, but builds for other Android devices are likely on the way.

The tools are designed for use by an attacker who is inside the building and has physical access to a device— an insider threat—or someone who gains access to a building through social engineering, tailing etc. The tool can, of course, be mitigated by not logging into systems as ‘admin’ and ensuring staff log out of their systems when not attended.